Gorilla session package confusion

Question

Coming from a PHP background I'm a little confused about the Gorilla sessions package.

Does Gorilla act similar to $_SESSION['name'] or does it act similar to $_COOKIE['name'] from PHP?

I'm trying to use both ways to create a user session for my Go web application, but I'm not sure if Gorilla sessions will be a good package to use. I want the users who didn't click on the "remember me" button on the login form to have their session erased after closing their browser, whereas everyone else will have a cookie associated with them. So would Gorilla sessions be able to handle both scenarios or should I use something else in this case?

Answer 1

Score: 7

It entirely depends on which storage back-end you use.

The gorilla/sessions package has built-in cookie & filesystem based stores. There is no memory-based store, which is roughly what PHP's $_SESSION is.

My recommendation:

  • Use the built-in cookie store, which uses signed cookies. It is well suited for most purposes and is the easiest to implement.
  • If you have a need for server-side sessions (i.e. storing large values in the session), pick from the available implementations - Redis, BoltDB, MySQL, Postgres, etc.

I have first-hand experience with the Redis backed store (redistore), which has been great. The BoltDB (a file-based key store) and Postgres stores are also solid if you have a preference for those.

> I want the users who didn't click on the "remember me" button on the login form to have their session erased after closing their browser, whereas everyone else will have a cookie associated with them. So would Gorilla sessions be able to handle both scenarios or should I use something else in this case?

Note that all implementations require a "cookie" - it's just whether the cookie is the self-contained store, or whether it just holds an identifier referring to a row/value in the back-end store.

You can set "session cookies" (i.e. last only as long as the tab/browser session) by setting session.Options.MaxAge = 0 as per this part of the gorilla/sessions docs.

e.g.

func MyHandler(w http.ResponseWriter, r *http.Request) {
    // store is your sessions.Store, created once at startup.
    session, err := store.Get(r, "session-name")
    if err != nil {
        http.Error(w, err.Error(), 500)
        return
    }

    // Add your logic to check the r.FormValue for your remember_me checkbox.

    // Temporary session
    session.Options.MaxAge = 0

    // Set some session values (someUser is the user you just authenticated).
    session.Values["user"] = someUser
    // Save it before we write to the response/return from the handler.
    if err := session.Save(r, w); err != nil {
        http.Error(w, err.Error(), 500)
        return
    }
}

Hope that helps.
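
The two ideas in the answer above, a signed self-contained cookie and MaxAge = 0 for users who skip "remember me", shown using only the Go standard library. This is an added example, not code from the answer or from gorilla/sessions; the cookie format, the key, the lifetimes and the function names are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"strconv"
	"strings"
	"time"
)

// Constructed demo key; real deployments load a random secret from configuration.
var signingKey = []byte("constructed-demo-key-do-not-reuse")

func sign(payload string) string {
	m := hmac.New(sha256.New, signingKey)
	m.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// NewLoginCookie returns a signed cookie. Without "remember me" MaxAge stays 0, so no
// Max-Age/Expires is sent and the browser drops the cookie on exit; the signed
// deadline still limits how long a copied value is accepted by the server.
func NewLoginCookie(user string, remember bool, now time.Time) *http.Cookie {
	ttl, maxAge := 12*time.Hour, 0 // assumed lifetimes, tune per application
	if remember {
		ttl, maxAge = 30*24*time.Hour, 30*24*3600
	}
	payload := fmt.Sprintf("%s|%d", base64.RawURLEncoding.EncodeToString([]byte(user)), now.Add(ttl).Unix())
	return &http.Cookie{Name: "session", Value: payload + "|" + sign(payload), Path: "/",
		MaxAge: maxAge, HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}
}

// VerifyLoginCookie checks the HMAC in constant time, then the signed deadline.
func VerifyLoginCookie(value string, now time.Time) (string, bool) {
	i := strings.LastIndex(value, "|")
	if i < 0 || !hmac.Equal([]byte(sign(value[:i])), []byte(value[i+1:])) {
		return "", false
	}
	u, e, _ := strings.Cut(value[:i], "|") // missing deadline fails ParseInt below
	user, uerr := base64.RawURLEncoding.DecodeString(u)
	exp, eerr := strconv.ParseInt(e, 10, 64)
	if uerr != nil || eerr != nil || now.Unix() >= exp {
		return "", false
	}
	return string(user), true
}

func main() { fmt.Println(NewLoginCookie("alice", false, time.Now()).String()) }
```
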

Posted on 2015-08-12 05:12:21